General
- Target: SecuriteInfo.com.Trojan.GenericKD.49372806.12532.25705
- Size: 235KB
- Sample: 220715-1d7ytseef9
- MD5: ac1429ffb0da2f0566c6d962f3726722
- SHA1: 5030c312545901872262a6c8602fef73f6e413c9
- SHA256: 38fbf4ef63938c61701107b226bef84d19a357b215830ce660101cfe6f59e75c
- SHA512: 412f250da91fa2402f20c3012e84f04c9fe353ad4d8bdd9ffdf1361e42b8008ae7104cbb88adf324070cec54f22fdd26491938329c405266f30ef403d50f53bd
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Trojan.GenericKD.49372806.12532.exe
- Resource: win7-20220715-en
Malware Config
Extracted
xloader
2.6
vweq
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Xloader payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext